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DETAILED ACTION 

1. This action is responsive to communication: original application filed 

1 December 2000, with acknowledgement of a continuing data filing date of 09 May 2000. 

2. Claims 1-54 are currently pending in this application. Claims 1, 16, 19, 26, 40, 43, 50, 
53, and 54 are independent claims. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language 

4. Claims 1-12, 14-36, 38-54 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Hunt et al. U.S. Patent No. 6,496,855 (hereinafter *855). 

As to independent claim 1, "A method for privacy management, 
comprising: providing a linked collection of interactive resources through which 
a user is able to exchange information with an enterprise that provides the 
resources; assigning respective, non-uniform privacy policies to at least some of 
the resources regarding use of the information that is exchanged through the 
resources; providing to the user accessing a given one of the resources the 
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respective privacy policy for that resource; and exchanging with the user at least 
a portion of the information that is associated with the given one of the 
resources, subject to the provided privacy policy" is taught in '855 col. 2, 
lines 31-65, 

As to dependent claim 2, "wherein exchanging the information with the 
user comprises receiving private information submitted to the enterprise by the 
user" is shown in '855 col. 2, lines 5-16. 

As to dependent claim 3 "wherein receiving the private information 
comprises receiving the user's agreement to the privacy policy, and recording the 
private information together with an indication of the privacy policy agreed upon" 
is disclosed in '855 col. 2, lines 19-33. 

As to dependent claim 4, "and comprising: intercepting a request from an 
application to use the private information received from the users; querying the 
application to determine its compliance with the privacy policy subject to which 
the requested information was received; and providing the requested information 
subject to the compliance of the application with the privacy policy" is taught in 
'855 col. 5, lines 37-67. 

As to dependent claim 5, "wherein assigning the non-uniform privacy 
policies comprises assigning a first privacy policy to a first one of the resources 
and a second, different privacy policy to a second one of the resources" is shown 
in *855 col. 7, lines 52-65. 
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As to dependent claim 6, "wherein providing the linked collection of 
interactive resources comprises arranging the resources in a hierarchy of nodes 
that comprises a root node, such that each of the nodes except for the root node 
has a parent node in the hierarchy, and wherein assigning the non-uniform 
privacy policies comprises assigning to each of at least some of the nodes, 
including the nodes associated with the first and second resources, one or more 
respective privacy rules regarding use of the information that is associated with 
the node, and setting for each of the nodes a node privacy policy that comprises 
the privacy rules assigned to the node combined, for each of the nodes except 
the root node, with the node privacy policy of its parent node" is disclosed in '855 
col. 7, lines 52-65. 

As to dependent claim 7, "wherein providing the privacy policy to the user 
comprises informing the user who has exchanged the information associated 
with the first resource subject to the first privacy policy of a difference in the 
second privacy policy relative to the first privacy policy before exchanging the 
information associated with the second resource" is taught in '855 col. 5, 
lines 44-45. 

As to dependent claim 8, "wherein assigning the non-uniform privacy 
policies comprises assigning an initial privacy policy to one of the resources, and 
subsequently making a change in the initial privacy policy so as to assign a 
modified privacy policy to the resource, and wherein providing the privacy policy 
to the user comprises informing a user who has exchanged information with the 
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resource subject to the initial privacy policy of the change" is shown in col. 3, 
lines 52-67. 

As to dependent claim 9, "wherein informing the user comprises prompting 
the user to provide an input to indicate whether the user accepts or rejects the 
change" is disclosed in '855 col. 5, lines 44-45. 

As to dependent claim 10, "wherein assigning the privacy policies 
comprises storing the privacy policies in a computer server belonging to the 
enterprise, and wherein providing the privacy policy to the user comprises 
intercepting a request by the user to access the given resource and providing the 
privacy policy for the resource responsive to the request" is shown in '855 col. 2, 
lines 6-33. 

As to dependent claim 11, "wherein the collection of resources comprises 
a collection of Web pages accessible through a Web site of the enterprise" is 
disclosed in '855 col. 2, lines 36-46. 

As to dependent claim 12, "wherein providing the privacy policy comprises 
conveying the policy in a standard form for presentation by a Web browser" is 
taught in '855 col. 5, line 55 through col. 6, line 5. 

As to dependent claim 14, "wherein assigning the non-uniform privacy 
policies comprises determining a rating for each of the policies based on a 
predetermined rating scale" is shown in '855 col. 6, lines 44-64. 

As to dependent claim 15, "wherein assigning the non-uniform privacy 
policies comprises defining first and second user classes and defining, for a 
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given one of the resources, different first and second privacy policies, 
respectively, for the first and second user classes, and wherein providing the 
privacy policy to the user comprises determining whether the user belongs to the 
first or second class, and providing the first or the second privacy policy 
accordingly" is disclosed in '855 col. 7, lines 52-65. 

As to independent claim 16, "A method for privacy management, 
comprising: arranging a body of information in a hierarchy of nodes that 
comprises a root node, such that each of the nodes except for the root node has 
a parent node in the hierarchy; assigning to each of at least some of the nodes 
one or more respective privacy rules regarding use of the information that is 
associated with the node; setting for each of the nodes a node privacy policy that 
comprises the privacy rules assigned to the node combined, for each of the 
nodes except the root node, with the node privacy policy of its parent node" is 
taught in '855 col. 7, lines 52-65; 

"providing to a user who accesses a given one of the nodes the node 
privacy policy for that node; and exchanging with the user at least a portion of 
the information that is associated with the given one of the nodes, subject to the 
provided privacy policy" is shown in *855 col. 6, lines 44-64, 

As to dependent claims 17, 18 these claims are substantially similar to 
claims 2, 11 therefore they are rejected along the same rationale. 

As to independent claim 19, "A method for privacy management, 
comprising: providing a linked collection of interactive resources through which 
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a user is able to exchange information with an enterprise that provides the 
resources, at least some of the resources having privacy policies associated 
therewith regarding use of the information that is exchanged through the 
resources; receiving information from users who access the resources subject to 
the privacy policies" is disclosed in '855 col. 2, lines 31-65; 

"intercepting a request from an application to use the information received 
from the users; querying the application to determine its compliance with the 
privacy policies subject to which the requested information was received; and 
providing the requested information subject to the compliance of the application 
with the privacy policies" is taught in '855 col. 5, lines 37-50. 

As to dependent claims 20-24 these claims are substantially similar to 
claims 11, 5, 6, and 7 therefore they are rejected along the same rationale. 

As to dependent claim 22, "wherein providing the requested information 
comprises checking the compliance of the application with the privacy rules 
respectively applicable to each of the items of the information requested by the 
application" is shown in '855 col. 7, lines 52-65. 

As to dependent claim 25, "and comprising making a record of the request 
and of the information provided responsive thereto in a log for review in a 
subsequent privacy audit" is disclosed in '855 col. 3, lines 58-67. 

As to independent claim 26, this claim is directed to the apparatus of the 
method of claim 1 and is rejected along the same rationale. 
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As to dependent claims 27-36, 38, and 39 these claims are substantially 
similar to claims 2-12 and 14; therefore they are rejected along the same 
rationale. 

As to independent claim 40, this claim is directed to the apparatus of the 
method of claim 16 and is rejected along the same rationale. 

As to dependent claims 41 and 42 these claims are substantially similar to 
claims 2 and 11; therefore they are rejected along the same rationale. 

As to independent claim 43, this claim is directed to the apparatus of the 
method of claim 19 and is rejected along the same rationale. 

As to dependent claims 44 and 45 these claims are substantially similar to 
claims 11 and 5; therefore they are rejected along the same rationale. 

As to dependent claim 46, "wherein the server is arranged to check the 
compliance of the application with the privacy rules respectively applicable to 
each of the items of the information requested by the application" is taught in '855 
col. 5, lines 37-65. 

As to dependent claim 47, "wherein when the server is arranged, upon 
determining that the application does not comply with the rules respectively 
applicable to a given one of the items, to refuse to provide the requested 
information with respect to the given item, while providing information regarding 
another of the items with respect to which the application does comply with the 
respectively applicable rules" is shown in '855 coL 3, lines 61-67 and col. 5, lines 44- 
45. 
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As to dependent claim 48, "wherein the server is arranged to receive the 
items from first and second ones of the users subject to respective first and 
second privacy policies, and to check the compliance of the application with both 
the first and the second privacy policies" is disclosed in col. 7, lines 62-65. 

As to dependent claim 49, "wherein the server is adapted to make a record 
of the request and of the information provided responsive thereto in a log for 
review in a subsequent privacy audit" is taught in col. 3, lines 57-61. 

As to independent claim 50, this claim is directed to the computer software 
of the method of claim 1 and is rejected along the same rationale. 

As to dependent claims 51 and 52 these claims are substantially similar to 
claims 2, 3, and 11; therefore they are rejected along the same rationale. 

As to independent claim 53, this claim is directed to the computer software 
of the method of claim 16 and is rejected along the same rationale. 

As to independent claim 54, this claim is directed to the computer software 
of the method of claim 19 and is rejected along the same rationale. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 



Application/Control Number: 09/728,661 
Art Unit: 2134 



Page 10 



6. Claims 13 and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over '855 as 
applied to claims 1 and 26, in further view of Barrett et al. U.S. Patent No. 6,581,059 
(hereinafter '059). 

As to dependent claim 13, the following is not taught in '855 "wherein the 
standard form comprises a from specified by the Platform for Privacy Preferences 
Project (P3P)" however '059 teaches "The information communication protocol 
and information ontology are based upon the W3C's P3P specification. The 
W3C;s P3P specification" in col. 5, lines 45-47. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site regitration proxy system to include the use of P3P 
format. One of ordinary skill in the art would have been motivated to perform such a 
modification to expand the use of the intemet as indicated by '059 (see col. 1, lines 65 et seq.) 
Recently, a protocol known as Platform for Privacy Preferences Project (P3P) has been proposed 
by the World Wide Web Consortium (W3C). The P3P protocol enables World Wide Web sites to 
inform a user of a web browser of a Web sites privacy practices and allow the user of the web 
browser to exercise preferences based upon those practices". 

As to dependent claim 37, this claim is substantially similar to claim 13 and 
therefore is rejected along the same rationale. 



Application/Control Number: 09/728,661 
Art Unit: 2134 



Page 1 1 



Conclusion 



7. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Ellen C Tran whose telephone number is 

(703) 305-8917. The examiner can normally be reached on 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone 

number for the organization where this application or proceeding is assigned is 703- 

872-9306, 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 306-5484. 



Ellen. Tran 
Patent Examiner 
Technology Center 2134 
13 July, 2004 




